sa account attacks - SQL Server Forums

Please start any new threads on our new site at https://forums.sqlteam.com. We've got lots of great SQL Server experts to answer whatever question you can come up with.

All Forums

SQL Server 2008 Forums

SQL Server Administration (2008)

sa account attacks

Author

Topic

kpgraci
Yak Posting Veteran

68 Posts

Posted - 2011-07-08 : 09:34:05

In the server logs I see a lot of brute force attacks on the sa account.

Is the sa account name required or can I rename it to something else?

kpg

robvolk
Most Valuable Yak

15732 Posts

Posted - 2011-07-08 : 09:43:22

You can't rename sa, but you can choose a very strong, random password. You can also disable the sa login.

Make sure that your applications are not using sa, and also have another account with sysadmin privileges (preferably a Windows login) in case sa gets locked and you need to access SQL Server.

kpgraci
Yak Posting Veteran

68 Posts

Posted - 2011-07-11 : 16:49:09

quote:
Originally posted by robvolk

You can't rename sa, but you can choose a very strong, random password. You can also disable the sa login.

hmmm...

I renamed it per this example:

ALTER LOGIN sa DISABLE;
ALTER LOGIN sa WITH NAME = IAMGOD;
ALTER LOGIN IAMGOD ENABLE;

And I disabled it using the property dialog, which I suppose could be done as:

ALTER LOGIN sa DISABLE;
ALTER LOGIN sa WITH NAME = IAMGOD;

kpg

robvolk
Most Valuable Yak

15732 Posts

Posted - 2011-07-11 : 16:58:56

Wow, I did not know that was possible.

Good to know! I'd recommend picking a nondescript name though, IAMGOD is somewhat obvious.

GilaMonster
Master Smack Fu Yak Hacker

4507 Posts

Posted - 2011-07-11 : 17:10:28

You can rename it. I still recommend disable. If it's altered there's still a chance it could be guessed. If it's disabled it cannot be used.

If you do rename, as a safety precaution, change it back to 'sa' before applying service packs or upgrading. There have been problems with upgrades when the sa account has been renamed (sa hardcoded in the scripts)

--
Gail Shaw
SQL Server MVP

tkizer
Almighty SQL Goddess

38200 Posts

Posted - 2011-07-11 : 20:13:18

Note that you'll still see the "login failed" messages in your error log, so you'll want to completely block that intruder via a firewall (or similar).

Tara Kizer
Microsoft MVP for Windows Server System - SQL Server
http://weblogs.sqlteam.com/tarad/

Subscribe to my blog

jeffw8713
Aged Yak Warrior

819 Posts

Posted - 2011-07-11 : 22:06:41

Just a warning, but there have been several cases where renaming sa has caused service pack/hot fix updates to fail. I don't recommend renaming it - but disabling the login is fine.

I normally don't worry about renaming or disabling, because when I setup a system I use at least a 20 character randomly generated very strong password. Once the setup is done, I put that password in a safe and nobody gets access to it.

Subscribe to SQLTeam.com

SQLTeam.com Articles via RSS

SQLTeam.com Weblog via RSS

- Advertisement -

Resources